Microsoft Web Proxy TCP State Limited Denial of Service (MS09-016; CVE-2009-0077)

Vulnerability
Protection

Check Point Reference:	CPAI-2012-321
Date Published:
Severity:
Source:	Microsoft Security Bulletin MS09-016
Industry Reference(s):	CVE-2009-0077
Protection Provided by:	Security Gateway R75
Who is Vulnerable? Microsoft Forefront Threat Management Gateway Medium Business Edition Microsoft Internet Security and Acceleration Server 2004 Microsoft Internet Security and Acceleration Server 2006
Vulnerability Description A denial of service vulnerability has been reported in Microsoft Internet Security and Acceleration (ISA) Server.

Vulnerability Details
The vulnerability is due to the way the firewall engine handles TCP state for Web proxy listeners. A remote attacker could exploit this vulnerability by sending specially crafted network packets to the affected system. Successful exploitation will cause the Web listener to become non-responsive.

Protection Overview
This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your product to the latest update. For information on how to update , go to SBP-2006-05, Protection tab and select the version of your choice.

To configure the defense, select your product from the list below and follow the related protection steps.

Security Gateway R75 / R71 / R70

How Can I Protect My Network?

In the IPS tab, click Protections and find the Microsoft Web Proxy TCP State Limited Denial of Service (MS09-016) protection using the Search tool and Edit the protection's settings.
Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Proxy Server Enforcement Violation
Attack Information: Microsoft Web Proxy TCP State Limited Denial of Service (MS09-016)

Legal Notice for Threat Center Advisories